Changeset 95346 in webkit


Timestamp:
Sep 16, 2011 6:02:45 PM (13 years ago)
Author:
commit-queue@webkit.org
Message:

Large canvas fills should not crash or create unnecessarily large image buffers
https://bugs.webkit.org/show_bug.cgi?id=67988

Source/WebCore:

When using source-in, destination-in, source-out, or destination-atop a temporary
buffer is created. This buffer only needs to be big enough to cover the intersection
of the path and the canvas. If the area of intersection between the fill and the
canvas is empty the canvas is completely cleared and a temporary buffer is not used.

This change also adds some null checks for failures to create contexts or buffers.

Patch by Ben Wells <benwells@chromium.org> on 2011-09-16
Reviewed by Darin Adler.

Test: fast/canvas/canvas-large-fills.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::clearCanvas):
(WebCore::CanvasRenderingContext2D::fillAndDisplayTransparencyElsewhere):

LayoutTests:

Patch by Ben Wells <benwells@chromium.org> on 2011-09-16
Reviewed by Darin Adler.

  • fast/canvas/canvas-large-fills-expected.txt: Added.
  • fast/canvas/canvas-large-fills.html: Added.
Location:
trunk
Files:
2 added
3 edited

  • trunk/LayoutTests/ChangeLog

    r95343 r95346  
     12011-09-16  Ben Wells  <benwells@chromium.org>
     2
     3        Large canvas fills should not crash or create unnecessarily large image buffers
     4        https://bugs.webkit.org/show_bug.cgi?id=67988
     5
     6        Reviewed by Darin Adler.
     7
     8        * fast/canvas/canvas-large-fills-expected.txt: Added.
     9        * fast/canvas/canvas-large-fills.html: Added.
     10
    1112011-09-16  Ryosuke Niwa  <rniwa@webkit.org>
    212
  • trunk/Source/WebCore/ChangeLog

    r95344 r95346  
     12011-09-16  Ben Wells  <benwells@chromium.org>
     2
     3        Large canvas fills should not crash or create unnecessarily large image buffers
     4        https://bugs.webkit.org/show_bug.cgi?id=67988
     5
     6        When using source-in, destination-in, source-out, or destination-atop a temporary
     7        buffer is created. This buffer only needs to be big enough to cover the intersection
     8        of the path and the canvas. If the area of intersection between the fill and the
     9        canvas is empty the canvas is completely cleared and a temporary buffer is not used.
     10
     11        This change also adds some null checks for failures to create contexts or buffers.
     12
     13        Reviewed by Darin Adler.
     14
     15        Test: fast/canvas/canvas-large-fills.html
     16
     17        * html/canvas/CanvasRenderingContext2D.cpp:
     18        (WebCore::CanvasRenderingContext2D::clearCanvas):
     19        (WebCore::CanvasRenderingContext2D::fillAndDisplayTransparencyElsewhere):
     20
    1212011-09-16  Shawn Singh  <shawnsingh@chromium.org>
    222
  • trunk/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp

    r95198 r95346  
    14691469    FloatRect canvasRect(0, 0, canvas()->width(), canvas()->height());
    14701470    GraphicsContext* c = drawingContext();
     1471    if (!c)
     1472        return;
    14711473
    14721474    c->save();
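Review bot: The early return at new lines 1471-1472 is silent, and nothing in this hunk says when drawingContext() can be null in clearCanvas(); a one-line comment naming the case (the commit message mentions failures to create contexts or buffers) would make the check easier to keep correct. The check could also move above the canvasRect construction at line 1469, since that rect is unused when the function returns early.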
     
    15041506    ASSERT(shouldDisplayTransparencyElsewhere());
    15051507
     1508    IntRect canvasRect(0, 0, canvas()->width(), canvas()->height());
     1509    canvasRect = canvas()->baseTransform().mapRect(canvasRect);
    15061510    Path path = transformAreaToDevice(area);
    15071511    IntRect bufferRect = enclosingIntRect(path.boundingRect());
     1512    bufferRect.intersect(canvasRect);
     1513
     1514    if (bufferRect.isEmpty()) {
     1515        clearCanvas();
     1516        return;
     1517    }
     1518
    15081519    path.translate(FloatSize(-bufferRect.x(), -bufferRect.y()));
    15091520
    15101521    RenderingMode renderMode = isAccelerated() ? Accelerated : Unaccelerated;
    15111522    OwnPtr<ImageBuffer> buffer = ImageBuffer::create(bufferRect.size(), ColorSpaceDeviceRGB, renderMode);
     1523    if (!buffer)
     1524        return;
     1525
    15121526    buffer->context()->setCompositeOperation(CompositeSourceOver);
    15131527    state().m_fillStyle->applyFillColor(buffer->context());
    15141528    buffer->context()->fillPath(path);
    15151529
    1516     FloatRect canvasRect(0, 0, canvas()->width(), canvas()->height());
    1517     canvasRect = canvas()->baseTransform().mapRect(canvasRect);
    1518 
    1519     GraphicsContext* c = drawingContext();
     1530    GraphicsContext* c = drawingContext();
     1531    if (!c)
     1532        return;
     1533
    15201534    c->save();
    15211535    c->setCTM(AffineTransform());
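Review bot: The drawingContext() null check at new lines 1530-1532 runs only after the temporary ImageBuffer has been allocated and filled (1522-1528), so when there is no drawing context that work is wasted; fetching `c` and returning on null at the top of the function, before ImageBuffer::create, would avoid it. Two smaller points on the same hunk. The `if (!buffer) return;` path at 1523-1524 leaves the canvas untouched while the empty-intersection path at 1514-1517 clears it, so a comment stating that the difference is intended would help. At 1511-1512 the path bounds are converted with enclosingIntRect() before being intersected with canvasRect; if that conversion does not clamp out-of-range floats, intersecting in float space first and converting afterwards would be safer for the very large fills this change targets.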